Data protection is a matter of trust; and your trust is important to us. Data processing at JAB JOSEF ANSTOETZ KG, represented by the personally liable shareholders: Ralph Anstoetz, Stephan Anstoetz, Heinz Anstoetz GmbH, Bielefeld, HRB 30095, Managing Director of Heinz Anstoetz GmbH: Ralph Anstoetz, Stephan Anstoetz, Claus Anstoetz, Chris-Jacob Schminnes (hereinafter "we", "us", "our") as Controller in terms of Art. 4 No. 7 GDPR is, of course, based on statutory provisions.
The following linked headings will help you access the desired information.
- A. General information
- 1. Scope of applicability, terms
- 2. Use without registration
- B. Information on data use
- I. Use of your personal data
- 1. What is personal data
- 2. Data use and contract processing
- a) Establishing contact, contract initiation, and processing
- b) Consent
- c) Registration
- d) Withdrawal options
- 3. Processing in the company organisation
- a) Transfer to third parties
- b) Outsourced IT and hosting
- 4. Transfer to payment service providers
- 5. Shipping status information
- 6. Geolocation
- 7. Use of data for advertisement and market research purposes
- a) General use
- b) Sweepstakes
- c) Postal advertisement
- d) Email advertisement with separate consent
- 8. Right to withdraw and object to advertisement
- 9. Data use in case of job application
- 10. Erasure and blocking
- II. Data collection when visiting our website
- 1. Technical information in cookies
- a) Technical information
- b) Cookies
- 2. Use of profiles
- 3. Details concerning web analysis and advertisement
- (Google Analytics)
- (Google Maps)
- 4. Use of a live chat system SnapEngage (SnapEngage LLC)
- 5. Right to object and withdraw concerning user profiles and cookies
- III. How do we protect your personal data?
- 1. General safety measures
- 2. Protection of your payment information
- IV. What are my rights?
- 1. Right to confirmation and information
- 2. Right to rectification
- 3. Right to object
- 4. Right to erasure (right to be forgotten)
- a) Requirements for erasure
- b) Further right to be forgotten
- c) Exceptions for erasure
- 5. Right to restriction of processing
- 6. Right to portability
- 7. Assertion of your rights
- V. Which consent did I grant?
1. Scope of applicability, terms
1.1. The information below applies to the use of JAB's website, including the online shop in which contracts with retailers can be concluded through the JAB Marketplace.
1.2. Users in terms of this agreement are visitors of our website that use the website, the marketplace, the functions or offered content, even if they do so without registration.
2. Use without registration
Every user can access our website without registration, free of charge, and without disclosing name or other identifying information; among other things, every user can there obtain and search for information about JAB, the offers and providers on the marketplace. It is also possible to subscribe to a JAB newsletter through the website.
1. What is personal data
Personal data is all information that refers to an identified or identifiable, natural person (hereinafter "data subject"). Identifiability does not necessarily require the disclosure of a name. Indirect identifiability suffices, e.g. through allocation to an ID number, location data, online ID, or one or multiple special characteristics. It is about your identity. This includes, for example, your name, but also your telephone number, address, and other data that you disclose to us.
Many legal bases for our data processing can be found in the European General Data Protection Regulation (GDPR). You can find the text and the relevant recitals for GDPR at https://gdpr-info.eu. In the following notes we refer to the relevant provisions as the respective legal basis for our processing.
2. Data use and contract processing
a) Establishing contact, contract initiation, and processing
If you establish contact with us through our contact options (e.g. email or the contact form), then we store your name and contact information as well as your request. This data is used to process your request and to communicate with you. We use your email address to answer you by email (legal basis Art. 6 (1) Clause 1 lit a and b GDPR). In case of questions concerning specific orders or if you have a personal request, we need your proper name. You can disclose a pseudonym for all other questions. If your request is completely processed and if no other retention obligations or registration exist, then the data is erased.
JAB collects, uses, and processes your data to provide information that is relevant to you, e.g. search results, new content and functionalities, and to answer your service inquiries.
We also use the data (information concerning an intended or placed order, your address, possibly your delivery address, email address, and payment processing information) to initiate and relay the conclusion of contracts on the marketplace and to execute such transactions. Your information is required in this case, otherwise a contract cannot be concluded on JAB. The same applies to the use of your address and selection data if you initiate a sample order at JAB. In this case, we also transmit your address data to service providers used by us (logistics providers).
JAB in connection with the marketplace makes data concerning transactions available to you as a user for the comfortable tracking and monitoring in the customer account area (after registration accessible through "Login") and makes them available to the retailer participating in the transaction as a contractual partner. Information concerning the transactions are generally transmitted to the purchaser or prospect via the email address specified by you, which we use for this purpose.
Data is also transmitted to such service providers that are used to process the order, initial payment processing, or to deliver the items (e.g. logistics providers, payment processors).
JAB thus uses corresponding data to fulfil the contractual obligations under the agency agreement or to fulfil sample orders on JAB (legal basis Art. 6 (1) Clause 1 lit b GDPR).
Trade and tax law furthermore obligates us to archive data from concluded transactions for the duration of the statutory retention periods. Art. 6 (1) lit. c GDPR is the legal basis for the corresponding use of data.
You can register at JAB (email address and password). Once you have registered, you have access to a contact form, retailer search, and the product finder. You can also save and manage your favourites as well as your shopping basket. Your collection can be retrieved at anytime and anywhere, for as long as you like, and from every internet-enabled terminal device. In addition to high-resolution images, the product finder also offers a compact overview of important product data, e.g. material composition and price. To help your decision-making, you can also order free samples for the items that made it onto your short list.
During registration, we collect the following data for the following purposes:
- Address data for order processing
If you want to delete your access, please contact us through one of the contact options below.
Please also note that your data continues to be stored by us even if your account is closed and is used for the stated purposes (e.g. order processing, as well as advertising information). See I. clause 08about your right to object to use of data for advertisement purposes.
d) Withdrawal options
3. Processing in the company organisation
a) Transfer to third parties
Within the scope of our company organisation, JAB processes your data in IT systems operated by JAB and service providers, and insofar as necessary transmits data of customers, prospects, suppliers, and staff to official authorities pursuant to statutory obligations, e.g. fiscal authorities and consultants (accountants, attorneys, auditors) pursuant to the interests of JAB in a legal and economic management of the company (legal basis Art. 6 (1) lit. c and f GDPR).
In this context, JAB analyses data on all company and business transactions for corporate management and market research purposes.
Unless any other necessity arises from the specific purpose, the data is chiefly assessed in an anonymised or at least pseudonymised manner and at most is made accessible to third parties in a summarised manner detached from identifiable persons. Legal basis Art. 6 (1) lit. c and f GDPR.
b) Outsourced IT and hosting
JAB utilises individual IT software and hosting services of service providers within the scope of the provision of services and the fulfilment of your requests as well as our contractual obligations, based on our interest in an efficient and secure execution of contract and business management. In the process, your data concerning your interests, requests, orders, and visits or use of our service offer is processed also with the assistance of services provided by these service providers.
Insofar as required by law and not already covered by regulations concerning professional confidentiality, JAB in case of data processing has contractually ensured your access and the secure and confidential processing of your data.
Legal basis Art. 6 (1) lit. f GDPR possibly in conjunction with Art. 28 GDPR (conclusion of data processing agreement).
4. Transfer to payment service providers
In coordination with the companies handling card payment processes, credit card information is not stored at JAB or retailers offering their services on the marketplace. Rather, these are captured through a secure gateway based on a secure, encoded process, directly on the page of our payment service provider Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany, represented by its managing directors Mark Freese, Jens Mahlke and Luca Zanotti. JAB must transmit data for reimbursements to the payment service provider only in case of returns. This is data concerning the identity of the credit card holder and the transaction (first name, name, internal payment ID, amount).
All payment data, as well as data on any chargebacks, are only stored for as long as necessary to process the payment (including processing of any chargebacks and collection of the receivable) and to combat fraud. Data are generally deleted no later than 13 months after collection.
Data may be stored for longer if and for as long as necessary to comply with statutory regulations or to prosecute a concrete case of fraud. The legal basis for data processing is Art. 6 para. 1 f) General Data Protection Regulation.
You can request information about your data, ask for it to be rectified or deleted and for processing to be restricted and/or you can withhold your consent to the processing of your data. If you have any questions about data processing by Concardis or to exercise your aforementioned rights, you can write to the data protection officer at the address provided above or by email to firstname.lastname@example.org.
Furthermore, you have the right to complain to a supervisory authority (in Germany to the state data protection officer). You are advised that you have no statutory or contractual obligation to provide your payment data. If you do not wish to provide your payment data you can choose another payment method (e.g. cash).
5. Shipping status information
If you grant corresponding consent, JAB uses the so-called geolocation API of your browser. JAB then receives estimated data concerning an approximate location that is determined by the browser manufacturer, by comparing your IP with IP databases and entries on nearby wireless access nodes in cooperation with the geolocation service, Google Location Services. The accuracy varies and is often not identical to the location at which you operate your browser. If you use a terminal device with GPS capability, e.g. a smartphone, then the GPS module can provide significantly more precise data to determine your location. Please note possible other information provided by your browser manufacturer.
If you do not grant your consent, JAB will not receive and will not use such data.
This data is used to allocate distance-based retailer offers to the user.
7. Use of data for advertisement and market research purposes
a) General use
JAB is interested in maintaining the customer relationship with you, in gaining new customers, reactivating existing customers, and in providing its customers with information and offers. To safeguard these legitimate interests, JAB, based on Art. 6 (1) lit. f GDPR (also with the assistance of service providers) processes your data in order to disclose to you information and offers by JAB or partners offering on JAB, based on the same interest, and to improve the information and offers. JAB may obtain your separate consent outside of this document in preparation for profiling and transfer to retailers and in these cases bases its use of data on Art. 6 (1) lit. a GDPR.
Please see our further information concerning our data processing in this context in the following advertisement measures and our information concerning the use of profiles under II. Clause 2.
If you participate in our sweepstakes, we use your data to execute the sweepstakes and in particular to notify winners. If you have granted us separate consent to establish specific contact, we use your data within the scope of consent e.g. to establish contact by email or telephone (see Consent below; Art. 6 (1) lit a GDPR). The data of participants is erased from our active systems after completion of the sweepstakes. The data is archived by us only for the purpose of a legal defence, at the most until the statute of limitation of possible claims (generally 3 years). Art. 17 (3) lit. e GDPR is the legal basis. Winner data is archived for the duration of statutory retention periods based on trade and tax law as well as to avert disadvantages for the winners (e.g. recall of products) (Art. 6 (1) c GDPR) is the legal basis.
c) Postal advertisement
We use your first and last name, your postal address, and - insofar as we have received this additional information from you - your title, academic degree, your birthdate, and your professional title, industry description, and business name to dispatch offers and information concerning our company and our services and products by postal mail.
d) Email advertisement with separate consent
If you have registered separately for our newsletter, we will use your email address and possibly other personal data that you have voluntarily disclosed to us during registration (e.g. your name for personal address) for our own advertisement purposes and possibly for offers from advertisement partners contained in the newsletter.
We statistically evaluate when such an email is opened and possibly which offers of information are of interest and the level of intensity of this interest (e.g. when opening a link). This evaluation is performed to improve delivery times and to optimise the content of our offers and advertisement information.
We use the company "networker Medienfabrik GmbH" as a service provider, and we have concluded a contractual agreement concerning data protection (data processing agreement) with them.
8. Right to withdraw and object to advertisement
You can, of course, object to a use of your data for advertisement purposes at any time - also insofar as this use is permissible by law without your consent - via an informal notification to JAB, and withdraw previously granted consent. Withdrawal and objection discontinue future use. Any use prior to assertion of your right remains unaffected. We do not charge additional costs for withdrawal or objection. (In particular if you notify us by email, you do not incur any other costs except for transmission costs pursuant to your provider's base rates). Simply address your objection or withdrawal to one of the contact options listed at the end of this notice.
Our advertisement emails and the newsletter each list the email address email@example.com to easily unsubscribe from this information.
Please consider that advertisement may still reach you in isolated cases despite objection or withdrawal. Advertisement already commissioned cannot be stopped in all cases with a reasonable effort prior to the next dispatch or another comparable measure.
Your options to object also include profiling (cf. II. Clause 2) and the use of data collected within the scope of the collection of data while visiting our websites for the purpose of direct advertisement. We explain the technical options to assert your right to object and to prevent collection of data in detail in the information concerning web tools used by us under II. Clause 3. "Details concerning web analysis and advertisement". Insofar as you exercise your right to object, we will no longer process the collected data for these purposes.
More information about your rights is available under IV. What are my rights
9. Data use in case of job application
If you send us your application, we use and transmit the data provided by you for the purpose of evaluating your application records and possibly in the execution of the further application process (legal basis is Art. 88 GDPR in conjunction with Sec. 26 (1) Clause 1 German Federal Data Protection Act [BDSG]). We do not automatically supplement your data from other sources (e.g. social networks, credit checks).
We store your data for the duration of the application process and, beyond this, no longer than 6 months as of notification of a binding decision concerning the application, unless an employment agreement is concluded. A longer retention period otherwise applies only with your express consent (Art. 6 I lit. a GDPR is the legal basis), insofar as we must meet statutory requirements (Art. 6 I lit. c GDPR as the legal basis) or in case of the existence of legitimate reasons, e.g. if claims are asserted against the non-consideration of your application (legal basis Art. 6 (1) Clause 1 lit b GDPR). After the expiration of this time, your data is erased or stored only in archive systems without immediate access options insofar as required by law for archiving purposes under trade and tax law.
10. Erasure and blocking
Your personal data is stored until the stated purposes have been achieved or for as long as we have a legitimate interest in the storage of such.
The data is then deleted unless other arrangements were negotiated with you or statutory retention obligations exist (e.g. based on trade or tax law). In case of an archiving to meet statutory requirements, the data is blocked from any other access. These records are erased and destroyed within the scope of periodic measurements after the expiration of statutory retention periods in compliance with data protection regulations.
If you have consented to a collection, processing, and use of your data, we store and use your data indefinitely until withdrawal or loss of the purpose for which you have granted your consent. The data concerning consent and processing is then archived until the statutory limitation period is reached (generally 3 years) for the purpose of a legal defence (legal basis Art. 17 (3) lit. e GDPR).
If you no longer desire to receive advertising from us, then we use your name, address, and possibly email address for the purpose of blocking in corresponding lists against which we compare our advertisement measures so that you no longer receive advertisement from us. Erasure in this context means that initially your data is blocked in particular for advertisement and marketing activities in our system (legal basis Art. 6 (1) lit. f GDPR). Insofar as necessary, the data continues to be processed for purposes other than advertisement, e.g. within the scope of performance of the contract and possible guarantees as well as documentation under trade and tax law (legal basis Art. 6 (1) lit b and c GDPR).
Please let us know if you wish erasure instead of blocking despite the possible consequence that you may continue to receive advertisement.
Upon your request we can block personal data fully or partially. For this purpose, please let us know the extent and also the duration of the desired blocking. Insofar as technically possible, you can in this manner exclude processing and use of your data for specific areas either permanently or temporarily.
1. Technical information in cookies
a) Technical information
You can visit our website without entering personal data. If you visit our websites, for example via a link in a newsletter or an advertisement, we nevertheless capture specific data in so-called log files and store them. Only access data without direct personal reference is captured - even if the visit originates from newsletter links or advertisement links on the internet - e.g.
- the internet page from which you visit us
- the page that is retrieved or the name of the requested file
- the name of your internet service provider
- type and version of your browser,
- time and date of your access
- the operating system used with your browser
- the name of your internet service provider
- the internet address of the accessing computer (IP address)
- product and content in which the visitor is interested and the extent of the interest, e.g. duration, frequency, interaction with forms, navigation elements, and links
We are not able to draw conclusions as to your identity based on this data and we also do not combine the above data with personal data without your consent, unless such pertains to the pursuit of legal infringements and attacks on our systems.
By abbreviating the IP address we have also attempted to ensure that certain partners that also collect this IP address within the scope of their services are hindered from drawing conclusions as to your identity or that such is virtually impossible.
If we integrate third-party content on our website (e.g. embedded videos or other information), they receive your IP address solely for this purpose, because the content can otherwise not be delivered to your browser.
We use so-called cookies on our website. Cookies are small text files that are stored on your terminal device and that store specific settings and data for an exchange with our system or the systems of service providers through your browser. Such storage helps us design the website for you and facilitates your use, e.g. by storing specific entries made by you so that you do not have to repeat them. Most cookies also contain identification tags. With these, users and/or the browsers (software to display internet content) can be identified and differentiated from other users and browsers, and can be recognised during visits.
Many cookies are automatically erased from your hard drive after the end of the browser session (so-called session cookies). Some cookies are stored permanently on your terminal device. For your convenience, the expiration date is set to a time in the future. At the next visit, we automatically recognise that you already visited us and which settings and entries you prefer. (so-called permanent cookies). Some of these cookies serve to display information specifically aligned to your interests.
Cookies that guarantee functions without which you could not use this website as intended are used only by us. The content of such cookies is not made accessible to third parties. We place such consent-free cookies based on Art. 6 (1) lit. b GDPR.
The cookies are erased at the end of the session.
With regard to other cookies, we notify you of this privacy notice already when you visit our website. You may consent to the use of these cookies or you can use the option of deactivating data capture, e.g. through Google Analytics.
We have made an overview of the cookies used by us available under www.jab.de/content/cookies. Please first note the following general information concerning your technical options to object and our supplementary information concerning special use under II. Clause 3.
- Your technical options to object
Some web services use opt-out cookies. Based on the cookie to be placed by you ("opt-out cookie"), a web analysis service may, for example, recognise that you wish to prevent capture. We have listed the options for placing an opt-out cookie for the web services used by us separately under II. Clause 3. Google for example allows corresponding settings under https://myaccount.google.com/intro. Options for changing advertisement settings for numerous other networks are available under http://www.youronlinechoices.com/de/praferenzmanagement/or under http://optout.aboutads.info/and http://optout.networkadvertising.orgyou can obtain information about various advertisement measures and you can opt out.
If using a mobile device, you can activate the setting "Limit ad tracking" (iOS) or "Deactivate personalised ads" (Android) on the device with the corresponding operating system. This is to prevent that the advertising ID (a non-personal device ID) can be used to provide interest-based advertisement.
If you use the option of erasing all cookies in your browser or if you place an opt-out cookie, please remember that you will have to enter the relevant settings or place opt-out cookies again.
Visiting our online offer does not require the acceptance of cookies. If you do not accept cookies or deactivate them, certain options (e.g. services like favourites and information) may not be possible to you on our website and some webpages may possibly not be displayed correctly.
If you wish to conclude agreements with us, you must accept certain cookies. If you do not wish to do so, then we cannot conclude an agreement.
2. Use of profiles
Legislature calls the creation of automated data collection for one person "profiling". Pursuant to Art. 4 Clause 4 GDPR, any type of automated processing of personal data that consists of using such personal data to assess certain personal aspects with regard to a natural person, in particular in order to analyse or predict aspects concerning work, economic situation, health, personal preferences, interests, reliability or behaviour, location or movements, of such natural person, constitutes profiling.
Like many others, we also use profiles that we create based on your purchase and usage behaviour. Under no circumstances do we derive decisions that could be detrimental for you from this.
We base this process on our interest to align our offer to your needs as best as possible and to optimise it in terms of economic aspects (legal basis Art. 6 (1) lit. f GDPR). The evaluations help us optimise the relevance of our advertisement efforts, to provide more targeted information about our company and our offers, to better control resources, and to adjust our information offer and its relevance as best as possible. In our advertisement measures we also pursue the interest of protecting you against undesired or unattractive advertisement.
For this purpose we include the data that you know that we are aware of in the selection of the information presented to you. These are, for example, your transactions on our website, e.g. when ordering samples or placing orders on the marketplace as well as possibly the reason for the purchase (advertisement, campaigns, recommendations), your request for information, information already transmitted to you, or your reactions to corresponding advertisement by postal mail or our newsletter and email information (also see our Information, there under I. Clause 7).
We furthermore use discernible interests from your retrieval of our information offer on the internet across various terminal devices, e.g. your usage data in regard to our content and offers when using PC, smartphone, or tablet.
If such pursuit of the purposes is technically and economically reasonable, we remove the relevant data from your identity to safeguard your interests, pseudonymise it, and prior to an evaluation create clusters in which individual information is diluted.
The data is evaluated without your separate consent after pseudonymisation or anonymisation to safeguard the above-stated interests, which even prevents us from drawing conclusions as to your identity, so that we can improve our information, offers, and their representation within the scope of market research and advertisement.
In order to consider your personal interests in a targeted manner, we use the purchase and usage data listed above when you grant corresponding consent also within the scope of personal evaluations and create corresponding profiles in this regard, the content of which is targeted and allocated to your identity.
In this case, such allocation to your identity takes place through a login using your email address or your user name.
The duration of retention and use of the allocations captured within the scope of our online activities to specific groups (e.g. visitors that have responded to certain advertisement) are listed in our statements concerning cookies.
For the rest, processing takes place until withdrawal of consent or objection against processing.
Please see our information in I. Clause 10. concerning erasure of data once consent was granted.
We use web analysis tools to analyse user behaviour. More detailed information is found in the below "Details concerning web analysis and advertisement".
|You can also object to profiling using personal data and the further use of profile data for advertisement purposes, and withdraw consent granted by you (see I. Clause 7). Objections against profiling by web analysis and advertisement measures, insofar as such use personal data, are processed by technical means, which we explain under above II. Clause 1 b) and below under II. Clause 3 with regard to the corresponding advertisement tools. |
3. Details concerning web analysis and advertisement
Based on our legitimate interests in analysis, improvement, and the economic operation of our offer in terms of Art. 6 (1) lit. f. GDPR, we are using the following services:
Web analysis tools
For your protection, we have chosen settings based on which Google first abbreviates the last part of the IP address of visitors of our website, the IP addresses from the EU or another member state of the Agreement on the European Economic Area. The full IP address is transmitted to a server of Google in the USA is abbreviated there only in exceptional cases. We furthermore have concluded a data processing agreement with Google.
The data listed above can be captured and used across devices through identification, e.g. login to Google services. With this it is possible to capture that you start your visit of our website on a PC and continue it on a mobile device and the data from both devices can be combined. We have not activated the User-ID adjustment and thus do not collect these data.
Google will use this information to evaluate your use of the website on our behalf, to compile reports concerning website activities for us, to create interest-based target groups, and to provide other services associated with website use and internet use. Google will possibly transmit this information to third parties, insofar as this is required by law, or insofar as third parties process such data on behalf of Google. Google not combine your IP address with other data held by Google. Analytics data is set to be erased after 50 months. This time is based on our interest in comparing statistical data.
You can prevent the installation of cookies through corresponding settings of your browser software.
- Use of demographic features with Google Analytics
Google offers "demographic features". This allows the compilation on page visitors including statements concerning age, gender, and interests.
Google gains this data from interest-based advertisement and visitor data from third parties. This data is not allocated to a specific identity and is anonymised.
- Your technical options to object
As an alternative or within browsers on mobile devices you can object to the use of Google Analytics through the following link. Activating the link places an opt-out cookie that prevents capture by Google Analytics within this website for the future. Please note that this opt-out cookie works only in that browser and only for that domain. As soon as you delete your cookies in that browser, you must once again click on the link: Deactivate Google Analytics.
Content of Google maps allows us to display a map and associated services by Google LLC, Amphitheater Parkway, Mountain View, CA 94043, USA ("Google")
By visiting the website, Google receives the information that you have retrieved the corresponding subpage of our website. The technical data, which we have listed under II. Clause 1, is also transmitted. This occurs regardless of whether that third party provider offers a user account through which you are logged in or whether no user account exists. If you are logged into Google, this data can be allocated directly to your account and thus to your personal profile. After disclosure, they are used by Google for advertisement purposes, market research purposes, and the appropriate design of its services.
- Your technical options to object
If you do not wish an allocation to your profile at the third party provider, you must log out prior to using our website and after your visit delete cookies placed by Google. However, please be sure that you do not delete so-called opt-out cookies that prevent other data capture. To prevent or delete cookies, use the general options, which we have described under II. 1. Cookies.
If you wish to object against the creation of user profiles by Google, you must assert your rights there.
More information concerning the purpose and scope of data collection and the processing of such by Google LLC is available here https://www.google.de/intl/de/policies/privacy/.
4. Use of a live chat system
SnapEngage (SnapEngage LLC)
Anonymised data is collected and stored on this website through the use of technologies by SnapEngage LLC, 1919 14th St., Suite 505, Boulder, CO 80302, USA (www.snapengage.com), for the purpose of web analysis and to operate the live chat system to answer live support inquiries. User profiles may be created under a pseudonym based on this anonymised data. Cookies may also be used in this regard. Cookies are small text files that are stored locally in the cache memory of the page visitor's internet browser. Cookies allow recognition of the internet browser. Insofar as the collected information contains a personal reference, processing takes place pursuant to Art. 6 (1) lit. f GDPR based on our legitimate interest in effective customer support and for the statistical analysis of user behaviour for optimisation purposes.
Without the data subject's consent granted separately, the data collected through SnapEngage will not be used to personally identify the visitor of this website and they are not combined with personal data through the pseudonym. To prevent the placement of SnapEngage cookies, you can set your internet browser so that no cookies are placed on your computer in the future or that previously placed cookies are erased. However, if you deactivate all cookies, you may not be able to execute some functions on our internet pages. You can, at any time with effect for the future, object to data collection and storage for the purpose of creating a pseudonymised user profile by sending us your objection, informally, by email to the email address listed in the legal notice.
5. Right to object and withdraw concerning user profiles and cookies
In case of questions concerning the technical options to object as stated above or our other safety measures, please contact us at any time. (see contact information below).
1. General safety measures
The law requires that companies create reasonable levels of data protection. The respective risks to data, the likelihood of occurrence, state of technology, and costs, among other things, must all be reconciled in this regard. We have provided corresponding technical and organisational measures to realise the safety of your data and their processing pursuant to statutory requirements. In case of security concerns when entering data or in case of other questions or comments, please simply contact our customer service or our data protection officer. All contact information is listed once again at the end of this notice.
When placing an order or registering for personal access, your personal data is transmitted securely through encryption. We use the SSL (Secure Socket Layer) coding system. We use technical and organisational measures to secure our website and other systems against loss, destruction, access, rectification, and dissemination of your data by unauthorised persons. You should keep your access information confidential and close the browser window after communicating with us, in particular if you use the computer jointly with other people.
2. Protection of your payment information
Entry and transmission of your credit card information takes place through a payment form of Concardis GmbH, Helfmann-Park 7, 65760 Eschborn ("Concardis"). Concardis is a payment institution regulated by the German Financial Supervisory Authority (BAFIN) and, among other things, licensed by MasterCard and Visa. As a MasterCard and Visa licensee, Concardis regularly submits itself to security monitoring. In the process, Concardis meets the so-called PCI (Payment Card Industry Data) security standards, which are supported by all major credit card organisations so that you can securely pay online.
As a data subject affected by data processing, you can assert certain statutory rights.
1. Right to confirmation and information
Pursuant to Art. 15 GDPR you have the right to receive from us a confirmationwhether personal data pertaining to you is being processed. In the event that we process such data, you have the right to information, free of charge,about your stored data. The information includes
- processing purposes;
- categories of processed personal data;
- recipients or categories of recipients to which personal data has been or will be disclosed, in particular in case of recipients in third countries or at international organisations;
- if possible, the planned duration for which personal data is stored, or, if this is not possible, the criteria for determining this duration;
- the existence of a right to rectification or erasure of personal data affecting you or the right to restrict processing by the Controller or the right to object against this processing;
- the existence of a right to lodge a complaint with a supervisory authority;
- if personal data is not collected from the data subject: all available information concerning origin of the data;
- the existence of an automated decision-making process, including profiling, pursuant to Article 22 (1) and (4) GDPR and — at a minimum in these cases — concise information concerning the involved logic and scope and pursued effects of such a processing for the data subject.
Furthermore, the data subject has a right to obtain information whether personal data was transmitted to a third country or international organisation. If this is the case, the data subject also has the right to receive information regarding suitable guarantees in connection with the transfer. In case of questions concerning collection, processing, or use of personal data, in case of information, or other assertion of your rights, simply contact us through the contact information listed at the end of this notice.
2. Right to rectification
You have a right to rectification and/or completion against the Controller, insofar as the processed personal data pertaining to you is inaccurate or incomplete. The Controller must perform the rectification immediately.
3. Right to object
You have the right, at any time, to object against processing of personal data pertaining to you based on Art. 6 (1) lit. e or lit. f GDPR; this also applies to profiling possibly based on these provisions (with regard to the term, see II. Clause 2).
In case of an objection against data processing for direct advertisement (Art. 21 (2) GDPR) this processing ends as soon as possible after receipt of the objection (with regard to further details, see I. Clause 8.)
An objection against other processing (pursuant to Art. 21 (1) GDPR) based on Art. 6 (1) lit. e or lit. f GDPR (e.g. identity and credit check) is possible only for reasons arising from your particular situation, whereby compelling overriding interests worthy of protection may justify our continued processing.
Granted consent can be withdrawn. (Contact information, see below) You will not incur special costs (except transmission cost based on your provider's base rates).
Objection and withdrawal of consent have effect for the future. The legitimacy of data processing in the past remains unaffected.
Your objection against the credit check may result in us offering you only limited payment options or refusing the conclusion of an agreement.
4. Right to erasure (right to be forgotten)
a) Requirements for erasure
You have the right to request erasure of personal data pertaining to you. Please note that a right to immediate erasure (Art. 17 GDPR) ("right to be forgotten") exists only if one of the following reasons applies:
- The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- You withdraw your consent on which processing was based pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR and another legal basis for processing does not exist.
- Pursuant to Art. 21 (1) GDPR you object against processing and no predominant legitimate reasons exist for processing, or you object against processing for purposes of direct advertisement pursuant to Art. 21 (2) GDPR.
- The personal data pertaining to your person was processed unlawfully.
- The erasure of personal data is necessary for compliance with a legal obligation or under Union Law or the law of a member state to which the Controller is subject.
- The personal data pertaining to you was collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
b) Further right to be forgotten
If we made the personal data pertaining to you public and if pursuant to Art. 17 (1) GDPR we are obligated to erase such, we will take reasonable measures in consideration of available technologies and implementation costs, also of a technical kind, to inform the data processing Controller processing that personal data of the fact that you as the data subject have requested the erasure of all links to such personal data or copies or replications of such personal data.
c) Exceptions for erasure
In addition to the above requirements, please note that the following exceptionsmay justify a rejection of your request for erasure:
The right to erasure does not exist insofar as processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with Art. 9 (2) lit. h and i as well as Art. 9 (3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR insofar as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
5. Right to restriction of processing
You are entitled to your right to restriction of processing if you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data or if in case of unlawful processing you refuse erasure and instead request restriction of the use of personal data. You are also entitled to this right if we no longer require your data but you require this personal data for the establishment, exercise or defence of legal claims. You can also assert this right if you have objected against processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the Controller override your reasons.
If processing was restricted, this data may be processed only with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal entity or for reasons of public interest of the Union or a member state. The option of permanent retention remains unaffected. If processing was restricted pursuant to the above-stated requirements, we will notify you before removing the restriction.
6. Right to portability
You are entitled to a right of data portability of the data disclosed by you which we have processed based on a valid consent or the processing of which was necessary to enter into or fulfil a valid agreement, in a "structured, commonly used, and machine-readable format" to you. You also have the right to request direct transmission to another controller insofar as this is technically possible.
The right exists only insofar as it does not affect the rights and freedoms of other persons.
7. Assertion of your rights
In case of questions or for the assertion of your rights, please contact our customer service (e.g. under firstname.lastname@example.org.)
You can also contact our data protection officer. The data protection officer is responsible in case of complaints. You can contact our data protection officer at the following contact information:
If, in your opinion, we have not reasonably processed your request, you have the right, among other things (regardless of other administrative or judicial legal remedies), to lodge a complaint with the supervisory authority responsible for data protection, in particular in the member state of your habitual residence, place of work, or place of alleged infringement.
To establish commercial contact or specific types of data use, you may have granted us consent (e.g. for a newsletter or services within the scope of a customer login, etc.). If you have granted us consent, the consent wording is retained by us and can be retrieved. For retrieval, simply contact email@example.com. We will submit the desired information to you by email.